Executive Summary
- A Russian national wanted by the U.S. for hacking has been arrested in Phuket, Thailand, in a joint operation with the FBI.
- The suspect is believed to be Aleksey Lukashev, a GRU intelligence officer indicted for interference in the 2016 U.S. presidential election.
- Lukashev is allegedly a member of the GRU-linked hacking group APT28, also known as Fancy Bear.
- Thai authorities are also investigating the suspect for local cybercrimes involving the theft of over $432,000 in cryptocurrency.
A 35-year-old Russian citizen, believed to be a high-level military intelligence officer wanted by the United States for interfering in the 2016 presidential election, has been arrested in Phuket, Thailand. The arrest, announced by Thai cyber police on November 12, was part of a joint operation with the FBI, which had tracked the suspect’s entry into the country on October 30.
While Thai authorities have not officially named the suspect, reporting from the independent outlet Vot Tak notes that his age matches only one GRU hacker on the FBI’s public wanted list: Aleksey Viktorovich Lukashev. According to the FBI, Lukashev is a senior lieutenant in Russia’s Main Intelligence Directorate (GRU) assigned to Unit 26165. He was indicted by a U.S. federal court in 2018 on charges of conspiracy to commit computer intrusions, aggravated identity theft, and money laundering.
Lukashev is one of 12 GRU agents accused of hacking computers belonging to American political organizations and state election boards, as well as stealing and leaking data. This operation was conducted by the hacker group known as APT28 or Fancy Bear, which has been identified as GRU Unit 26165. The group’s most prominent operation was the 2016 breach of Democratic Party servers, which U.S. intelligence agencies concluded was part of an effort to influence the presidential election.
During the arrest, at which FBI representatives were present as observers, authorities seized laptops, phones, and digital wallets for forensic examination. In a separate but related local investigation, Thai police reported that the suspect is also linked to malware attacks that stole over $432,000 in cryptocurrency from at least six victims in Thailand. Authorities have since frozen and returned the assets.
The suspect is currently in custody, and the case has been forwarded to the Thai attorney general’s office to begin extradition proceedings to the United States. It is important to note that all individuals are presumed innocent until proven guilty in a court of law.
